I was talking with a client and the topic of password crypting
came up. From my background as a C coder, I have a few criteria
for regarding a mechanism as safe. In this case we’ll just discuss
things from the perspective of secure storage and validation in
an application.

Use a digital fingerprint algorithm, not a
hash or CRC. A hash is by nature
lossy (generates evenly distributed duplicates) and a CRC is
intended to identify bit errors in transmitted data, not to
compare potentially different data.

Store/use all of the fingerprint, not just part (otherwise
it’s lossy again).
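
What storing only part of a fingerprint costs at validation time, as an added example that is not from the original post. SHA-256 stands in for the fingerprint algorithm (an assumption; the post names none), and the password and guesses are constructed sample data.

```python
import hashlib
import hmac


def fingerprint(password: str) -> bytes:
    # SHA-256 is an assumed stand-in for the post's "digital fingerprint algorithm".
    return hashlib.sha256(password.encode("utf-8")).digest()


def verify(stored: bytes, candidate: str) -> bool:
    # Validate against however many bytes were stored, in constant time.
    return hmac.compare_digest(stored, fingerprint(candidate)[: len(stored)])


def false_accepts(stored: bytes, real: str, candidates) -> int:
    # Count inputs that are NOT the real password but still validate.
    return sum(1 for c in candidates if c != real and verify(stored, c))


# Constructed sample data: one real password and 1,000,000 synthetic wrong inputs.
REAL = "correct horse battery staple"
WRONG = [f"guess-{i}" for i in range(1_000_000)]

FULL = fingerprint(REAL)   # all 32 bytes stored
TRUNCATED = FULL[:2]       # only the first 2 bytes stored (65,536 possible values)

if __name__ == "__main__":
    print("real password validates (full):     ", verify(FULL, REAL))
    print("real password validates (truncated):", verify(TRUNCATED, REAL))
    print("wrong inputs accepted (full):       ", false_accepts(FULL, REAL, WRONG))
    print("wrong inputs accepted (truncated):  ", false_accepts(TRUNCATED, REAL, WRONG))
```

With the full fingerprint stored, none of the wrong inputs validates; with two bytes stored, roughly one wrong input in 65,536 is accepted as if it were the real password.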
